Live Updates released for Symantec Security Information Manager (SSIM) Collectors - June and July 2013

Article Id: 158291
Status: Published
Updated On: 08-08-2013 12:56
Legacy Id: TECH209480
Products:
Security Information Manager
Issue/Introduction:

You would like to review which SSIM Collectors LiveUpdate packages were released June and July 2013. 

Note: You must update your Java LiveUpdate to Jave LiveUpdate v3.7.7 or better before downloading Live Updates for Collectors

Note:If using LiveUpdate Administrator you must update to LUA 2.3.2 or newer to download SSIM v5.0 and newer collector Live Updates

 

 

Resolution:

LiveUpdates have been released for collectors in June and July 2013

Overview
Symantec has released collector LiveUpdate packages for the following collectors and sensors:
 
This release contains update to the following Collectors divided in two categories:
  1. LiveUpdates released for defect fixes only:
  • Symantec Event Collector 4.4 for Forescout Counteract
    • Fixed: added support for more logging choices
  • Symantec Event Collector 4.4 for Fortinet
    • Fixed: Fortinet collector mapping for intrusion Outcome ID incorrect (status=dropped)
  • Symantec Event Collector 4.3 for ISS Siteprotector
    • Fixed:  java.lang.StringIndexOutOfBoundsException: String index out of range
  • Symantec Event Collector 5.0 for Fortinet Services
    • Fixed: Fortinet collector mapping for intrusion Outcome ID incorrect (status=dropped)
  • Symantec Event Collector 4.3 for McAfee EPO v4
    • Fixed: Not mapping signature name when present in raw event
  • Symantec Event Collector 4.3 for Microsoft IIS
    • Fixed: Server outbound bytes field too small for large file downloads
  • Symantec Event Collector 5.0 Management Event Collector
    • Fixed: Events were truncated if it contained white space character
  • Symantec Event Collector 5.0 for Palo Alto Firewall
    • Fixed: Cannot convert the IP address "" to numeric value:
  • Symantec Event Collector 5.0 for Palo Alto NG Firewall
    • Fixed: Source Assignment for Network Malware
  • Symantec Event Collector for Sourcefire
    • Fixed: Sourcefire ipv6 collector detection engine name inconsistently parsed
  • Symantec Event Collector 4.3 for Symantec Endpoint
    • Fixed: Transaction (Process ID) was deadlocked on lock resources with another process and has been chosen as the deadlock victim
  • Symantec Event Collector 5.0 for Symantec Endpoint State
    • Fixed: Collector not mapping correctly SONAR Event
    • Fixed: Collecting duplicate events for AgentSystemLogQuery only
    • Fixed: Snapshot takes too long to complete
    • Added: Option for SEP State collector to only collect latest scan
    • Fixed:  current_ver_date contained null for some events
    • Fixed: Event description populated by null for some events
  • Symantec Event Collector 5.0 for Unix Syslog
    • Fixed: Incorrect population of User Name and Target Resource
    • Fixed: Invalid source hostname
    • Changed: Format changed for “password change” event
    • Fixed: Event GID changed for user is not getting captured. The event is filtered out by Catch-All filter
    • Changed: Format change for "User Name Changed" event
    • Changed: Format change for "Unknown User" event
    • Changed: Format change for "User Name Changed in Group" event
    • Fixed: logging_device_ip and logging_device_name populated incorrectly
    • Fixed:  Some events translated as SSHCatchAll is now translated more properly
    • And other fixes for this collector 
  • Symantec Event Collector 4.4 for VMWare vSphere
    • Fixed: Update System Events with "Connection Rejected" (512001) event_id
    • Fixed: Update Event Class of Remote Console Event
    • Fixed: Task Information mapped to an Indexed field
  • Symantec Log File Sensor 2.21-2.44 upgraded to  2.45 
  1. LiveUpdates have also been released to support new versions of end point products:
  • Symantec Event Collector 4.3 for Apache WS (supported added for v2.4)
  • Symantec Event Collector 4.4 for Cisco ASA (support added for v9.1)
  • Symantec Event Collector 4.4 for Cisco IPS (support added for v7.1(7) E4)
  • Symantec Event Collector 5.0 for Juniper SRX (support added for v12.1 R3.5)
  • Symantec Event Collector 4.3 for McAfee EPO (support added for v5.0)
  • Symantec Event Collector 5.0 for McAfee Intrushield (support added for v7.5)
  • Symantec Event Collector 4.4 for Oracle DB (support added for v11gR2)
  • Symantec Event Collector 5.0 for Palo Alto NGFW (support added for v5.0.4)
  • Symantec Event Collector 4.3 for Snare for Windows (support added for v4.0.1.2a)
  • Symantec Event Collector 5.0 for Sophos Enterprise Console (support added for v10.x)
  • Symantec Event Collector 5.0 for Sourcefire Snort Unified2 (support added for v2.9.4)
  • Symantec Event Collector 5.0 for Symantec Endpoint (support added for v12.1RU3)
  • Symantec Event Collector 5.0 for Symantec DLP (support added for v11.6)
  • Symantec Event Collector 5.0 for Sourcefire eStreamer (support added for v5.1.1)
  • Symantec Event Collector 5.0 for Websense WebSecurity (support added for v7.6.2/3)